The coronavirus pandemic has created much public discussion on issues that would normally only interest the scientific community, such as the infection coefficient or herd immunity.
In light of the data-sharing agreement between Israel’s Health Ministry and Pfizer for its COVID-19 vaccine, considerable attention has been paid in recent days to the matter of research using medical data, a substantial chunk of which is conducted in Israel by designated institutes belonging to the health maintenance organizations. There have also been questions asked about existing protections to safeguard the privacy of the public whose personal information is being used for the vaccine research.
This discussion seemingly splits into two camps. One claims that personal information is totally protected and information-sharing can benefit all of humankind. The other declares that it’s impossible to completely protect the information while simultaneously using it to conduct research of significant practical benefit.
Both camps are relying on established scientific knowledge, and discussions with professionals indicate that the differences of opinion stem mainly from the respective order of priorities: Should the emphasis be on the valuable insights that can be reached by analyzing large quantities of medical data? Or instead on the desire to protect patients, whose most sensitive, health-related information resides in the health-care system’s databases.
In other words, the debate is not only scientific but sociopolitical as well. As in every study conducted with personal information, trust in the extent of protection of privacy depends on the legal and practical protections of the data, and on our trust in those handling the information – which depends first of all on the transparency of the process.
Last week’s publication of the agreement with Pfizer is a positive step. However, the contract itself prompts various questions regarding the scope of the information to be transmitted, the extent to which it endangers the privacy of the vaccinated, and additional steps to ensure that there will be no misuse of the medical information of Israel’s citizens. Haaretz answers those questions below...
What is medical data and how is it gathered in Israel?
Medical data is the general term for a variety of information related to a person’s health. This information can be gathered from various sources – ranging from a home scale that measures BMI, to reports of a stomachache on social media, up to the results of tests administered in hospital.
- Congress Members Say Israel Should Vaccinate Palestinians in Occupied West Bank
- Giving It a Shot: The Israeli Expats Flying Home for a COVID-19 Vaccine
- Netanyahu's Optimism About COVID Vaccines Gives Way to Concern
The use of advanced algorithms to analyze huge quantities of medical data is now considered one of the most promising avenues for breakthroughs that will improve the health of humankind.
Israel is currently considered one of the world’s leading medical data powers, which is seemingly one reason for its high priority in receiving vaccines from Pfizer and Moderna. The main reason for this leadership is the health maintenance organizations, and the fact that in the late 1990s they decided to switch from manual to computerized record-keeping. Since the early 2000s, every doctor’s visit, test, prescription and medical procedure for HMO users has been stored in the computerized databases.
These databases were set up in order to provide doctors with complete and up-to-date access to the medical files of the patients sitting before them. But during the 2000s, the HMOs also started using this data to improve the service they provided to their clients.
At the beginning of the present decade, the two largest HMOs – Clalit and Maccabi – established research institutes whose purpose is to increase the derivation of medical benefits from the huge amount of medical data stored in their servers. Today, the HMOs have some of the world’s largest medical databases.
The scientific and medical potential contained within the HMOs’ servers has not escaped the notice of the world’s scientific community, and both research institutes stress that any cooperation takes place under strict rules that safeguard the privacy of the clients. For instance, the institutes’ servers are separate from those of the HMOs; the information stored in them is not updated in real time; the patients’ data undergoes a process of anonymization, with details that could be used to identify them being erased before the data is used for research.
How is the privacy of medical data ensured?
The Clalit and Maccabi research institutes stress that the medical data itself never exits the internal servers. Only the conclusions of the analyses, in the form of distribution or graphs derived from the data, are released – subject to approval – and can be used for publishing articles or for other purposes.
The main difference is that in Clalit, the data analysis is done by the institute researchers themselves, while Maccabi also gives outside researchers who work with the HMO access to the “sandbox” in the institute’s servers, where they can formulate questions and conduct various analyses related to their research on the anonymized data – all under supervision.
There’s also the anonymization itself, which is designed to protect privacy. On the most basic level, it includes erasing identifying details such as a person’s name, ID number, address, etc. However, when it comes to a medical file, even a small number of details can be used to identify a person. As a result, there are more sophisticated approaches to ensuring the privacy of medical data.
One approach is called aggregation, in which researchers don’t analyze the anonymized data itself but only study the distribution of various patient characteristics, based on parameters that specifically interest them.
If they suffice with generic parameters such as age, gender and weight, there’s no significant problem. However, the more substantial information they desire in order to gain significant medical insights, the greater the chances of identifying information about specific people.
A second, more advanced approach is called relative privacy. This means adding deliberate mistakes to the data – in a manner that won’t harm the researchers’ ability to reach significant conclusions.
Prof. Tomer Ashur, an expert on coding theory and cryptology from the Eindhoven University of Technology in the Netherlands, explains that when someone presents a question to a database, and the answer received is identical whether or not his data is found in the base, “then it has relative privacy for him regarding that question.”
Nowadays, it’s common to ask whether a determined player could breach privacy protections. The question is not whether the information is protected or not, but whether there’s a shift beyond a risk-based perception is how University of Haifa law professor Tal Zarsky, who specializes in online privacy issues, explains it.
What’s permitted and what’s forbidden when using medical data for research?
U.S. law cites 18 parameters that cannot appear in medical data in order for the information to be considered anonymized. In Israel, however, the legal situation is not nearly as clear.
The laws dealing with privacy and medical data were legislated in the 1980s and were last amended in the ’90s. In recent years, the Health Ministry has been trying to promote amendments to the legislation in order to keep up with ways in which information is now stored digitally, but the procedures are being delayed. Ironically, one reason for that is the spread of COVID-19.
In explanatory notes published by the Justice Ministry last summer regarding an amendment to the law, there was an attempt to switch from the dual concept of “there is or isn’t privacy” to a risk-based concept. According to the notes, the definition of the information would be explained as “a piece of information that refers to a person who is identified, or could be identified, by reasonable means.”
As of now, the legislation has not advanced. At the same time, the Health Ministry is also promoting amendments for organizing the use of medical data in research, but that process is still incomplete.
Most experts agree that the conditions of the agreement between Israel and Pfizer point to the fact that the research will be done while adopting reasonable means for protecting patients’ privacy.
However, several points in the agreement leave questions about whether they’re really reasonable enough – either due to vague wording or in passages that were redacted in order to safeguard the deal’s commercial details.
What are the problems with the Pfizer agreement?
Unlike the study with the medical data conducted by the two HMO institutes, the Health Ministry is planning to transfer the medical data to Pfizer itself, rather than forcing the U.S. company’s researchers to conduct their research within the ministry’s protected servers.
“The first layer – of technological protection – is missing,” Zarsky says. According to the ministry, that isn’t a problem because the information to be transmitted is in aggregate form.
The agreement details the epidemiological information to be sent to the company, and includes references to additional information to be transmitted, which is not detailed. According to the explanation, the information will include distribution “by age and additional demographic subgroups,” and could amount to a very limited number of vaccinated citizens. The weekly number of inoculated people who subsequently contract COVID-19 will also be sent to Pfizer, in distribution according to age groups “and additional demographic entities.”
What are those subgroups and additional demographic entities? The agreement doesn’t say. Will it include very specific cross sections such as the elderly, those with rare diseases, pregnant women over 40 who received one dose of the vaccine and then contracted the virus? There’s no way of knowing.
Will they be determined with sufficient consideration for protecting the privacy of the inoculated who are included in the aggregate information being sent to Pfizer? That’s unclear. Who’s responsible for the data analyses that will guarantee the privacy of citizens? That’s also unclear. The Health Ministry did not respond to Haaretz’s question as to whether all the information being sent to Pfizer will also be publicized.
Zarsky notes that the agreement refers to protection of privacy – for example, Pfizer’s promise to erase identifying information received by mistake. As is common in legal agreements, there’s also an explanation of what will happen if one of the parties does not abide by the conditions of the agreement, such as protecting the privacy of those vaccinated in Israel. What will happen if Pfizer does not abide by the privacy protection conditions? “That’s in the redacted part,” Zarsky says.
Why is the Helsinki Committee for Medical Research Involving Human Subjects not included?
According to accepted ethical practice in the scientific community, experiments on people, even those conducted with information already gathered, must receive the approval of the Helsinki Committee for Medical Research Involving Human Subjects.
The request for approval from the Helsinki Committee includes a document in which those submitting the request are required to explain whether the information included in the study is identified, coded or anonymized. Those submitting the requests can declare that the information used for the research is anonymized and aggregate, and they therefore request an exemption from receiving the agreement of those included in it for the use of their information.
The HMO research institutes stress that all the studies they’re conducting with the data of their clients receive all the Helsinki Committee permits before they get underway. On the face of it, the agreement between Israel and Pfizer seems designated for research purposes. Such research is subject to the rules of the Helsinki declaration, which determines what is permitted and forbidden in scientific research involving people.
But the Pfizer agreement states that the Health Ministry reached the conclusion that this project is exempt from receiving agreement for use of the data of those vaccinated, as is common in scientific research with similar data.
The chairman of the Health Ministry’s Supreme Helsinki Committee, Prof. Eitan Friedman, disagrees with this decision. In a video widely circulated on social media sites last week, Friedman stressed that a study of the results and efficacy of the vaccination is of great value. But he said his committee wanted to ensure that, in the context of the agreement between Israel and Pfizer, “The rights and the privacy of citizens of the State of Israel are preserved.”
All the experts Haaretz spoke to stress that the dispute is not about whether this is a study that examines the safety of the vaccines. (That was already completed and all the necessary regulatory permits were issued.) Instead, it revolves around whether the cooperation between the Health Ministry and Pfizer is considered a study to examine the effectiveness of the vaccine, which is based on an analysis of the medical data of those vaccinated in Israel and is therefore subject to ethical restrictions.
“A study of anonymous aggregate information is not individual property,” says Prof. Gil Siegel, director of the Research Institute for Medical Law and Bioethics at Ono Academic College and who spent 18 years serving on the Health Ministry’s Supreme Helsinki Committee. “Distributive anonymous information serves every one of us doctors every day at innumerable medical meetings and conferences,” he adds.
“In Israel, it should be emphasized, there is to date no law dealing with experiments on people – which is a shame and a disgrace,” he adds. But Siegel believes the agreement with Pfizer meets the rules practiced in Israel.
“We’re talking about life-saving vaccinations, and the Health Ministry serves as the long arm of the public when it comes to making decisions dealing with public health. And the moment we’re dealing with anonymized information, national information, that’s found in national institutions – the Health Ministry and the HMOs – part of the transaction between the citizens and the state is the government’s ability to plan policy and carry out data analyses, and to enable groups whose job it is to make maximum use for the benefit of the public’s health,” he says.
Dr. Tehilla Shwartz Altshuler, head of the Democracy in the Information Age program at the Israel Democracy Institute, disagrees with these conclusions. She says the binding document at the moment is the Health Ministry director general’s 2018 circular dealing with secondary uses of medical data. According to that paper, issuing medical data for research purposes “will be done subject to Helsinki Committee approval for ‘research that is not medical experimentation on human beings.’”
The circular also rules that one of the members of the committee discussing the request must be able to evaluate the statistical risk of harm to privacy in the planned study (as in U.S. law). The position of the Health Ministry is that its cooperation with Pfizer does not meet the criterion of research, and therefore is not subject to these rules.
The ministry is not responding to questions regarding the legal opinion on which this ruling is based. But the agreement with Pfizer defines the cooperation as a project whose aim is “to measure and analyze epidemiological data that is derived from the distribution of the vaccines, and to decide whether the concept of herd immunity after the vaccination of a certain percentage of Israel’s population applies.” In other words, to investigate the effect a large-scale vaccination program has on people becoming infected and infecting others with the coronavirus.
Shwartz Altshuler notes that many additional articles in the agreement emphasize the research nature of the cooperation. “So, if it quacks like research and walks like research, it’s research. And therefore they should have met the conditions of the director general’s circular and requested approval from the Helsinki Committee,” Shwartz Altshuler wrote on Facebook.
What does the Health Ministry say?
In response to a Haaretz request for additional details about these questions and vague points in the agreement, and the manner of handling medical data – including the question of who is responsible for evaluating the risk of harm to privacy, and on what basis it was decided the project does not require the approval of the Helsinki Committee – the Health Ministry sent a response that repeats previous declarations heard in the media, as follows:
“The vaccine received FDA approval and was used in this country in accordance with the approval that was granted, and therefore this is not research, and therefore there is no need for the Helsinki Committee (whose role is to examine whether ethical principals are being upheld during a research study). In the agreement to share aggregate information with Pfizer, which was presented to the public transparently, there are details about the information transmitted to Pfizer in Appendixes A and B of the agreement.
“This is the official data about the illness and the pandemic, data the Health Ministry has been tracking since the start of the pandemic and disseminates to the public in a transparent manner. The data does not include information that has been or could be identified.
“The distribution that was given – and that will be given later according to the agreement – is in accordance with the official illness data disseminated every day by the Health Ministry, for the information of the public and all the health-related organizations in Israel. As is clear to everyone, publicizing the information to the public does not require approval of the Helsinki Committee, and giving exactly the same information to Pfizer apparently does not require the Helsinki Committee.”
So, is the data of Israeli citizens protected?
As of now, most of the researchers with whom Haaretz spoke agree that the joint study with Pfizer seemingly provides reasonable protection for the privacy of those vaccinated in Israel. But only on condition that we trust the employees of the Health Ministry and their meticulousness in protecting citizens’ privacy with regard to dealing with the coronavirus.
The problem is that this is not the first time the Health Ministry has been involved in information that endangers privacy in a controversial manner. Although the professional leadership in the ministry has criticized, in various ways, the use of the Shin Bet security service to pinpoint the locations of COVID-19 carriers, the tool – which has been widely criticized for harming privacy – is being used by the ministry on a daily basis.
There are other questions that have not received as much public attention and which throw doubt on the degree of caution being exercised by the Health Ministry to protect the privacy of the medical data it receives about the virus. For example, insisting on a difference between data analysis for the ministry’s operative purposes in dealing with the pandemic, and an analysis of the data for research purposes, which is supposed to be subject to strict ethical restrictions.
In light of the partial details in the Pfizer agreement, and the lack of trust in the Health Ministry, additional transparency could ease the fears of harm to privacy. For instance, an external panel of experts from various fields who could examine the research questions and their degree of risk, and express independent approval to the effect that the data is being reasonably anonymized. Or at least approval by the ministry’s Helsinki Committee – to the effect that the planned research does not require consent from those vaccinated, since it doesn’t endanger their privacy.